
CIA Claims Cyber Attackers Blacked Out Cities

Posted by ScuttleMonkey
from the say-g'night-dick dept.
Dotnaught writes to tell us InformationWeek is reporting that the CIA admitted today that recent power outages in multiple cities outside the United States are the result of cyberattacks. "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."
  • by munrom (853142) on Saturday January 19, 2008 @03:21AM (#22106196)
    Am I the only one that thinks that's a really stupid thing to do?
    • by Tablizer (95088) on Saturday January 19, 2008 @04:04AM (#22106492) Homepage Journal
      Am I the only one that thinks that's a really stupid thing to do?

      It takes only a single breach. The story mentioned it may be an inside job, which means somebody may have put a single little link between the two systems, breaking the separation.
         
    • I really liked the last paragraph in the article:

      Citing two Government Accountability Office reports on SCADA security, Paller said that people have been adding wireless and Windows to SCADA systems without really thinking about security. "They've gotten radically unsafe," he said.

      Windows + wifi + scada + power_grid = fun_and_games

    • No you are not, unfortunately most management at places like that are so incredibly stupid they ignore warnings about that and want it online anyways.

      Hell, most water filtration plants are that way. Instead of an inconvenience of power out, those can kill the population. And yes, I know what I am talking about; I worked as an operator in one for 7 years.

      SCADA systems have no reason being connected to any network other than their own secure one. It is gross incompetence on the management of those facilities t
      • by Rogerborg (306625) on Saturday January 19, 2008 @11:44AM (#22108842) Homepage

        Damn skippy. When I worked as a SCADA dev, we had one (1) machine connected to the internet, in a locked room. If you wanted to move something from there to a machine on the LAN, you did it by burning CDs, and the culture (rather than just the 'procedures') was genuinely against installing anything that wasn't absolutely necessary. Nobody outside of IT had admin access to their desktops.

        That was our dev house procedures though. As you say, it all falls apart on the production systems. Once customers started using commodity Windows boxes, it was all over. We found one production box where the night watchman had hacksawed off the padlock on the back, opened it up and installed a sound card so that he could play games on it, presumably by plugging an optical drive in for the duration. It was pwoned by his warez and needed a brain wipe. Quis custodiet ipsos custodes?

    • Am I the only one who assumes that parent thinks that as a result of such attack cyberterrorist will lose his access to the internet or won't be able to complete the attack because the target will lose its internet connection?

  • Just in time... (Score:3, Informative)

    by subl33t (739983) on Saturday January 19, 2008 @03:22AM (#22106198)
    ... for US Federal elections. Coincidence?
    • FTFA:

      Donahue said that the CIA had thoroughly weighed the pros and cons of making this information public, according to Paller.
      And then decided that it should be made public but only after 5 pm on a Friday so that by the time most people notice, it's old news.
      • Actually, the original post was a clip from a SANS NewsBites email. While it did come out on Friday, the main announcement was probably sometime during the week.
    • The article says that extortion attempts followed the cyber-attacks, which suggests this is criminal, not political. Not that they can't be both of course, but someone trying to disrupt elections probably wouldn't call in a monetary demand until after they really succeeded in their goal.
  • i smell... (Score:2, Insightful)

    by Anonymous Coward
    a thinly-veiled excuse to get all george orwell up in your internets. this is the same CIA that found weapons of mass destruction in iraq...
  • by slyn (1111419) <ozzietheowl@gmail.com> on Saturday January 19, 2008 @03:24AM (#22106218)
    Is there really any excuse of convenience that justifies connecting the nation's major utilities to the internet?

    At least if there is a firesale Justin Long and Bruce Willis will be there to save us. Coincidence that Mac Guy would be the one to save us? I think not.
    • by Bob54321 (911744)
      You mean it wasn't factual that they had to go to the site to shut down the power. My belief in documentaries has just plummeted.
      • by slyn (1111419)
        I'm confused as to what you are asking, but it says in the article:

        Paller said that Donahue presented him with a written statement that read, "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at le

  • Where and When? (Score:4, Interesting)

    by imemyself (757318) on Saturday January 19, 2008 @03:28AM (#22106250)
    I actually did skim the article, but I didn't see anything pertaining to when these attacks/outages happened or where (other than outside the US). Does anyone have an idea about what power outages they are referring to?
    • Re: (Score:3, Interesting)

      We had power outages here in Vancouver, various blocks went out... but it was reported in the media that it was due to the high winds... hmmm, strange that only a few random blocks downtown were affected?
      • Los Angeles (Score:3, Insightful)

        LA has been getting them over the past few weeks pretty regularly. Entire sections of Hollywood down for several hours at a time (maybe a dozen blocks at a time), and then a couple days later it will be a section starting a few blocks away. Seems to have stopped a couple weeks ago (or was it last week?) But of course I can't tell, I haven't been driving up and down LA to check if it's still happening. But it seemed really weird and random, and the cops were not directing traffic right away (which sugges
        • LOL I just re-read the article and you're right, the attacks are said to have all happened outside the US; I thought I had read that they were coming from outside the US, not that the power went out outside the US. Oh well, I guess Los Angeles really is outside the US in so many ways....
      • by Hucko (998827)
        When you say a few blocks ... I don't believe they have switches at the transformer for x blocks that are connected to the internet (possible, just expensive and probably uneconomical). I was an electrician and have worked in the local power supply division of an Australian power company at a remote mining community. The stuff I was working with was mostly 40+ years old, but we were updating some aspects of the distribution. It would be the switch yard that has the switching and rapid interrupt devices that
    • Does anyone remember the issues the NWS forecasting website was having the other day? I had thought it said something about server problems due to ice. I wish I remembered the situation more clearly.
    • by jandoedel (1149947) on Saturday January 19, 2008 @08:36AM (#22107654)
      In Soviet Russia, Power never goes out. It stays in the Kremlin.
  • by schnikies79 (788746) on Saturday January 19, 2008 @03:32AM (#22106292)
    There is no better security than just not being connected, end of story.

    Where does this idea that every computer that exists must be plugged into the net come from?
    • Re: (Score:3, Interesting)

      by ecavalli (1216014)

      Where does this idea that every computer that exists must be plugged into the net come from?


      Microsoft, Linksys, Google, Yahoo ... I could go on, but I don't want to test the theory that these text boxes have finite character limits.
    • by Z00L00K (682162)
      Works for standalone equipment, but an electrical grid is normally centrally controlled from a control center and they are either using radio links, leased lines or VPN to connect. VPN over a DSL connection is the cheapest alternative today. And any VPN needs some firewalls and if the firewalls leak... You may have an intrusion.
  • Something smells. (Score:5, Interesting)

    by David McBride (183571) <david+slashdot AT dwm DOT me DOT uk> on Saturday January 19, 2008 @03:44AM (#22106360) Homepage
    Why are we hearing about this from the CIA, of all places? I thought counter-intelligence was the purview of the FBI, and signals intelligence the role of the NSA.

    Now add the fact that the US Director of National Intelligence has indicated that he wants to obtain the ability to monitor all Internet traffic data [arstechnica.com]:

    "[...] the government must have the ability to read all the information crossing the Internet in the United States in order to protect it from abuse."

    Contrast this with a second Ars article from yesterday, where the US Federal Energy Regulation Commission has just approved new security regulations [arstechnica.com] for the organizations (mostly private) that run the US electrical grid. Rather than blaming evil foreign hackers, Ars reports that:

    "FERC notes, in its usual bureaucratic style, that "poor vegetation management" has caused most of the problems relating to past regional blackouts."

    This all just sounds like an excuse to install packet loggers everywhere.

    (And it's not just the US authorities who want to lock down and control the Internet; the UK also recently indicated a desire to install censorship devices at the ISP level [theregister.co.uk]. Good luck with that.)
    • Re: (Score:3, Informative)

      by Solandri (704621)

      Why are we hearing about this from the CIA, of all places? I thought counter-intelligence was the purview of the FBI, and signals intelligence the role of the NSA.
      The FBI has jurisdiction over intelligence matters inside the U.S. and occasionally involving U.S. citizens and property abroad. The CIA has jurisdiction over intelligence matters outside the U.S. So investigating induced power outages in foreign cities would be a CIA task.
    • by Jonner (189691)
      Since these alleged attacks happened outside the US, and may have involved people on the inside of the plants, it would seem to be within the CIA's realm, which has traditionally put a high priority on human assets. At least, neither the FBI nor the NSA should be snooping around outside the US. If this is intended as FUD to help the US government watch all Internet traffic, I think it's a waste of resources, since those who want to communicate covertly will just use strong encryption. I know I will if I sus


    • This is another brick in the case the feds have been building to justify ballooning budgets for cyber-defense operations. Conveniently, increasing 'cyber defense' also grants the feds more abilities to inspect civilian communications, etc. Meanwhile, they ignore the meatspace threat of people physically attacking power centers. Increasing budgets for staffing people protecting physical power transmission doesn't get the feds anywhere they want to go.

      If some foreign entity wanted to wreak havoc on America'
    • I thought the same thing but for a different reason. I think it's very rare (can't emphasize that enough) that the CIA ever "confirms or denies" any questions asked to it by the media, let alone releases a comment to the media.

      If the breach is the result, though, of remote IP software installed on the power grid for persons to administer the electrical grid, I think this is gross negligence, stupidity and downright dangerous. It seems with the amount of capital and revenue power companies have and the fact the
  • by Duncan Blackthorne (1095849) on Saturday January 19, 2008 @03:46AM (#22106382)
    Quick, somebody call Jack Bauer, he'll know what to do!
  • by no-body (127863) on Saturday January 19, 2008 @03:50AM (#22106398)
    You must have clicked the box: "Always trust news from CIA"
  • BS (Score:4, Interesting)

    by dotancohen (1015143) on Saturday January 19, 2008 @03:50AM (#22106404) Homepage
    I call BS on this one. I was in the US just two weeks ago. The airport was at security level 4 out of 5. I asked an officer what the threat was, and he told me that in the four years that he had been working there, the threat level had not budged from level 4. That means that there are effectively only two levels of threat: 4 and 5. This also means that the officers are authorized to perform 'checks' and other violations of the rights that I know Americans used to hold dear. This is a temporary situation, I understand, however the temporary situation has been in effect for over four years it seems! I believe that the CIA 'admitting' that the power outages are attacks is a way to drum up public support for more 'checks' and ways to survey the public. If they were real attacks then I doubt the CIA would make that public. I also doubt that the CIA would be the agency to make that public. I don't subscribe to the many conspiracy theories that populate Reddit, but from the little that I did see in the US in the three days that I was there, things have changed since 1999 (last time I was there). People are now scared. People _want_ their government to invade their lives. That is scary. I was thinking of Winston Smith the whole time.
    • I don't think so (Score:5, Interesting)

      by commodoresloat (172735) * on Saturday January 19, 2008 @04:38AM (#22106642)
      This information was released at a major security conference. If they wanted to just scare everyone they would have released this info more directly to the public rather than at a meeting of specialists who could see through a line of BS. And if they were really going for the fear factor they'd leak this on a monday or tuesday morning, not at 6pm on the friday before a long weekend. It sounds to me like they want to diminish any possible panic, not amp it up. Notice they're not blaming terrorists or enemies either; the strong implication is organized crime with some kind of inside connections. I tend to be pretty skeptical of CIA but based on the little info that is here I'm guessing they're not making this up, and they probably are hoping that letting people know who are responsible for computer security at more localized levels will make it more likely for them to trace the perps.
      • And if they were really going for the fear factor they'd leak this on a monday or tuesday morning, not at 6pm on the friday before a long weekend. It sounds to me like they want to diminish any possible panic, not amp it up.
        Obviously they don't want to cause public panic. Just 'public awareness'.
    • Re: (Score:3, Funny)

      by deimtee (762122)
      Winston Smith has now never existed.
      Thinking of unpersons is doubleplusungood.
  • Pfffft (Score:5, Funny)

    by Tablizer (95088) on Saturday January 19, 2008 @03:53AM (#22106416) Homepage Journal
    That's ridiculous. Power and services don't just suddenly cu
         
    • Re:Pfffft (Score:4, Funny)

      by jamesh (87723) on Saturday January 19, 2008 @05:41AM (#22106888)

      That's ridiculous. Power and services don't just suddenly cu

      At least when they do cut out, the residual power left in the system enables you to submit your incomplete slashdot message posting. What an age to be alive!
  • What is firehouse?
  • Better news report (Score:5, Informative)

    by greg1104 (461138) <gsmith@gregsmith.com> on Saturday January 19, 2008 @04:19AM (#22106566) Homepage
    Presuming that InformationWeek had their typical lame coverage here, a quick search found a much better article about this at Forbes [forbes.com] (they even know to ask Bruce Schneier about it!) where they link to a nice background article [forbes.com] about these SCADA systems.
  • I'm not saying this is a dupe, but I have the weirdest feeling that I've read this same summary with the same comments, even, a few years ago.
  • by Anonymous Coward
    This ain't Whiz Kids people, everything isn't connected, hackable, and DoS-able - and since when does the CIA say anything, much less in a press release? This is plain old simple psy-ops on dummy Americans, who will say, "Yes, something must be done...for the children...", and then we'll all have a bunch more bullshit internet 'enhancing', privacy 'upholding', aptly named laws like the JESUS WRAPPED IN A FLAG Act.

    Dear CIA, If you're so concerned, go unplug the router, and don't waste your breath and insult
  • This is a real risk (Score:3, Interesting)

    by Z00L00K (682162) on Saturday January 19, 2008 @05:13AM (#22106776) Homepage
    And it is often caused by the fact that many control systems today depend on an operating system from the same vendor as all other machines, namely Microsoft. In one way it's useful to have the machines on the net. This is because it's cheap and easy to get a DSL line to the remote unmanned locations. The problem is that even if you do a VPN connection there is still a risk that the firewalls can be penetrated. (misconfiguration etc.)

    There is always a balance between cost and protection and it's easy to cut back the costs, since the risks are very hard to weigh. Many companies calculate with a certain amount of downtime caused by "unforeseen" events. What's in this category also depends on the amount of money put into the security bag. They are just comparing the agreements with their customers and the cost for protection and are figuring out that "OK, we can allow to have a day or more downtime without violating our customer agreements".

    It's all about money, but sometimes you may think that there are people as mean as Marwin Meathead [hermanhedning.com].

  • At least, if you believe all the historical documents on video about it.

    The part they always leave out of the historical video documents is that Skynet, as an infant, needs to play to learn like any other sentient being does.

    Be worried when it STOPS playing and you don't notice anything for a while. /See you in Mexico!
  • What the hell are control systems like this doing online in the first place?
  • "We have information", "We suspect, but cannot confirm", "We do not know who executed these attacks or why", "other information related to the attack was not mentioned and is unlikely to be forthcoming". WTF? I suspect but cannot confirm that this is complete bullshit. I do not know who invented this bullshit or why. I will not mention other information related to this bullshit and it is unlikely to be forthcoming.
  • why?

    They should be on their own darknet. Perhaps through POWERLINES?

    These industries are stupid. And why should we believe anything the CIA says?
  • by merc (115854) <slashdot@upt.org> on Saturday January 19, 2008 @02:38PM (#22110598) Homepage
    The cyber-attacks were the result of cyber-intrusions conducted by cyber-hacker cyber-criminals intent on causing cyber-damage. When caught they will be eligible for cyber-representation by cyber-lawyers for cyber-prosecution. Unfortunately said attorneys will be unable to practice cyberlaw due to the cyber-trademark registered by cyber-lawyer Eric Menhart.

    Cyber-lame.
